Dragonfly

Dragonfly is a cyber espionage group that has been active since at least 2011. They initially targeted defense and aviation companies but shifted to focus on the energy sector in early 2013. They have also targeted companies related to industrial control systems. [1]

A similar group emerged in 2015 and was identified by Symantec as Dragonfly 2.0. There is debate over the extent of the overlap between Dragonfly and Dragonfly 2.0, but there is sufficient evidence to lead to these being tracked as two separate groups. [2] [3]

ID: G0035
Aliases: Dragonfly, Energetic Bear
Version: 1.0

Alias Descriptions

NameDescription
Dragonfly[1]
Energetic Bear[1]

Software

IDNameTechniques
S0093Backdoor.OldreaCredential Dumping, Data Encrypted, Data Obfuscation, Email Collection, File and Directory Discovery, File Deletion, Process Discovery, Process Injection, Registry Run Keys / Startup Folder, System Information Discovery, System Network Configuration Discovery, System Owner/User Discovery
S0094Trojan.KaraganyCredential Dumping, Data Staged, Process Discovery, Registry Run Keys / Startup Folder, Remote File Copy, Screen Capture, Software Packing

References